-
Notifications
You must be signed in to change notification settings - Fork 134
/
Copy pathqueues.tf
93 lines (77 loc) · 2.45 KB
/
queues.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
// Copyright 2024 the JSR authors. All rights reserved. MIT license.
locals {
publishing_tasks_queue_name = var.gcp_project == "deno-registry3-prod" ? "publishing-tasks3" : "publishing-tasks"
npm_tarball_build_tasks_queue_name = "npm-tarball-build-tasks2"
}
resource "google_cloud_tasks_queue" "publishing_tasks" {
name = local.publishing_tasks_queue_name
location = "us-central1"
retry_config {
max_attempts = 30
min_backoff = "1s"
max_backoff = "60s"
}
rate_limits {
max_concurrent_dispatches = 30 # this is bounded by Cloud Run invoke concurrency
}
stackdriver_logging_config {
sampling_ratio = 1.0
}
lifecycle {
# Names of queues can't be reused for 7 days after deletion, so be careful!
prevent_destroy = true
}
http_target {
uri_override {
host = trimprefix(google_cloud_run_v2_service.registry_api_tasks.uri, "https://")
path_override {
path = "/tasks/publish"
}
}
oidc_token {
service_account_email = google_service_account.task_dispatcher.email
}
}
}
resource "google_cloud_tasks_queue" "npm_tarball_build_tasks" {
name = local.npm_tarball_build_tasks_queue_name
location = "us-central1"
retry_config {
max_attempts = 30
min_backoff = "1s"
max_backoff = "60s"
}
rate_limits {
max_concurrent_dispatches = 30 # this is bounded by Cloud Run invoke concurrency
}
stackdriver_logging_config {
sampling_ratio = 1.0
}
lifecycle {
# Names of queues can't be reused for 7 days after deletion, so be careful!
prevent_destroy = true
}
http_target {
uri_override {
host = trimprefix(google_cloud_run_v2_service.registry_api_tasks.uri, "https://")
path_override {
path = "/tasks/npm_tarball_build"
}
}
oidc_token {
service_account_email = google_service_account.task_dispatcher.email
}
}
}
resource "google_service_account" "task_dispatcher" {
account_id = "task-dispatcher"
display_name = "service account used when dispatching tasks to Cloud Run"
project = var.gcp_project
}
resource "google_cloud_run_service_iam_member" "task_dispatcher" {
location = google_cloud_run_v2_service.registry_api_tasks.location
project = google_cloud_run_v2_service.registry_api_tasks.project
service = google_cloud_run_v2_service.registry_api_tasks.name
role = "roles/run.invoker"
member = "serviceAccount:${google_service_account.task_dispatcher.email}"
}